Information Sharing Systems and Architecture

As a member of the ISE, it is essential to understand the operational environment in which you work. This includes being aware of the various information sharing systems.

Intelligence analysts utilize numerous databases, many of which are focused on a narrow area of interest. However, there are some that are commonly used. Most federal databases limit access to individuals who work in law enforcement or the intelligence community, and, therefore not all databases may be available to you. In addition, some databases require a security clearance for access.

Automated Critical Asset Management System (ACAMS)


Effective June 6, 2014, the DHS Office of Infrastructure Protection (IP) formally decommissioned the Automated Critical Asset Management System (ACAMS) and began to transition state, local, tribal, and territorial critical infrastructure protection partners to the Infrastructure Protection Gateway (IP Gateway).



The eGuardian system is FBI-owned and maintained. It provides an unclassified, secure web-based platform for reporting incidents such as “an occurrence or reporting of a suspicious activity, threat or event relating to terrorism, cyber or criminal activity.” In 2014, the eGuardian system became “the primary Shared Data Repository for suspicious activity reports” in support of the Nationwide SAR Initiative.” Once vetted by an accepted and trained approver, this information will be shared with law enforcement at all levels in order to more effectively identify and track threats and threat patterns and take actions to mitigate such threats.” After review, certain incidents may be migrated from eGuardian to the FBI’s internal Guardian system and may be assigned to the appropriate Joint Terrorism Task Force (JTTF) for possible further investigative action.

See also the updated (2014) Privacy Impact Assessment on the eGuardian System, which describes the system's overall operation privacy and civil liberties protections.


Access will be provided to federal, state, local, tribal, and territorial “law enforcement partners who qualify for access to the LEO Enterprise portal and are specifically granted access to eGuardian.” Law enforcement partners include sworn enforcement officials and those working in a direct law enforcement capacity (i.e., analysts, terrorism liaison officers, etc.). If you do not have access to LEO, an application is available on its website.

Federal Bureau of Investigations Network (FBINet)


FBINet serves as a global area network used for communicating secret information including investigative case file data and intelligence pertaining to national security. For example, the classified Guardian Threat Tracking System resides on FBINet. It is operated, maintained, and access-controlled by the FBI.


For access to FBINet, fusion center personnel and other potentially qualified law enforcement personnel should contact their FBI representative for more information.

Homeland Security Data Network (HSDN)


The Homeland Secure Data Network (HSDN) is a secret-level classified network through which Department of Homeland Security officials—as well as authorized federal, state, and local partners, including fusion centers personnel—can access tactical and strategic intelligence and other homeland security information up to the SECRET level. HSDN also serves as a consolidated backbone that brings together multiple, legacy SECRET-level classified networks across the DHS enterprise.

Fusion Center Note: If you are interested in knowing whether your fusion center has access to HSDN, contact your DHS Intelligence Officer for more information.

Homeland Security Information Network (HSIN)


The Homeland Security Information Network (HSIN) is a national secure, unclassified, web-based portal for information sharing and collaboration between federal, state, local, tribal, territorial, private sector, and international partners engaged in the homeland security mission.

HSIN is made up of a growing network of communities, called Communities of Interest (COI). COIs are organized by state organizations, federal organizations, or mission areas such as emergency management, law enforcement, critical sectors, tribal, and intelligence. HSIN provides secure, real-time collaboration tools, including a virtual meeting space, instant messaging, and document sharing. HSIN allows partners to work together instantly, regardless of their location, to communicate, collaborate, and coordinate.


“Membership in HSIN is COI-based. To become a member, you will need to be nominated and vetted into the COI. E-mail the HSIN program at or contact the Mission Advocate associated with the COI of interest.”

Anticipated in fiscal year 2015, authorized HSIN users will be able to access LEEP, RISS, and Intelink-U. Conversely, LEEP, RISS, and Intelink-U users will be able to access HSIN. This federated interoperability means users no longer need to establish a separate account or password for each system—one credential will open any door.

Fusion Center Note: Fusion center analysts may be interested in joining the following COIs: Intel (intelligence), LE (law enforcement), EM (emergency management), CS (critical sector), tribal, and state specific.

National SAR Initiative (NSI)


The Nationwide SAR Initiative (NSI) is a collaborative effort among federal, state, local, tribal, and territorial law enforcement to establish a national capacity for analyzing and sharing suspicious activity reporting (SAR). Toward that end, SAR reports are shared through the SAR Data Repository (SDR)—also referred to as “the shared space-a decentralized distributed data model used to make standardized terrorism—related information available through Common Terrorism Information Sharing Standards applications and services.”

Source: NCIRC, SAR Process Implementation Checklist

The NSI considers part of its core mission to rigorously protect the privacy and civil liberties of individuals. The NSI also works closely with the National Network of Fusion Centers.

NSI Management:

NSI coordinates and manages the development and deployment of its technology, training, and outreach. The NSI has released a line of online SAR training for a variety of audiences: line officers, corrections, fire, EMS, emergency management, public safety telecommunications, maritime, and the private sector. NSI also delivers a more intensive on-site training for a variety of audiences.

Law Enforcement Enterprise Portal (LEEP) (formally LEO)


LEEP is a secure, Internet-based information sharing system for agencies around the world that are involved in law enforcement, first response, criminal justice, anti-terrorism, and intelligence. With LEEP, members can access or share sensitive but unclassified information anytime and anywhere.”

“LEEP members have access to a variety of services via LEEP, including LEEP Chat (an Instant Messaging service), e-Learning for self-paced study, calendar services, e-mail, forums (a Bulletin Board service), special interest groups, and several crisis-management communication mechanisms.”


LEEP is available to law enforcement, criminal justice, or public safety agency/department personnel whose position requires secure communications with other agencies via the Internet. As an information-sharing forum, all members are encouraged to contribute information in their area of interest or expertise. Enrollment instructions are available online.

Anticipated in fiscal year 2015, authorized LEEP users will be able to access HSIN, RISS, and Intelink-U. Conversely, HSIN, RISS, and Intelink-U users will be able to access LEEP. This federated interoperability means users no longer need to establish a separate account or password for each system—one credential will open any door.

FEMA Lessons Learned Information Sharing (


Lessons Learned Information Sharing ( is a Department of Homeland Security/Federal Emergency Management Agency program. serves as the national, online network of lessons learned, best practices, and innovative ideas for the emergency management and homeland security communities. includes a library of exclusive documents and user-submitted materials related to all aspects of homeland security and emergency management. This information and collaboration resource helps emergency response providers and homeland security officials prevent, protect against, respond to, and recover from terrorist attacks, natural disasters, and other emergencies.


Individuals involved in emergency response and homeland security from all levels and disciplines are eligible to access Enrollment information is available on-line.

Fusion Center Note: In addition, there are several excellent examples of fusion center PCRCL best practices.

IP Gateway


The IP Gateway serves as the single interface through which DHS partners can access a large range of integrated infrastructure protection tools and information to conduct comprehensive vulnerability assessments and risk analyses. This, in turn, enables homeland security partners to quickly identify relevant vulnerabilities and consequence data in support of event planning, incident preparedness, and response efforts.

Completed records and attachments from ACAMS have been migrated to the IP Gateway and are accessible to users who have been granted access by their IP Gateway Administrator. While the ACAMS website is no longer accessible, data previously submitted in ACAMS continues to be maintained by the Protected Critical Infrastructure Information (PCII) Program Office and continues to receive PCII protection.


To obtain access to the IP Gateway, all users must be Protected Critical Infrastructure Information (PCII) certified and must complete required IP Gateway training. For more information about the PCII Program and the protections it affords, please go to the PCII Program Office website.


For additional information on IP Gateway, contact the IP Gateway Help Desk at: or 866-844-8163.

For additional information regarding the ACAMS Decommission, please see the ACAMS Decommission Frequently Asked Questions fact sheet, or contact the IP Gateway Help Desk at: or 866-844-8163.

National Criminal Intelligence Resource Center (NCIRC)


The National Criminal Intelligence Resource Center (NCIRC) is funded by the U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Assistance (BJA). BJA’s overall goals are to reduce and prevent crime, violence, and drug abuse and improve the functioning of the criminal justice system. To achieve these goals, BJA programs emphasize enhanced coordination and cooperation of local, state, and federal efforts. BJA encourages the development and implementation of comprehensive strategies; provides training and technical assistance; reduces the availability of illegal weapons and develops strategies to address violence in our communities; enhances the ability of criminal justice agencies to access and use new information technologies; and encourages and supports evaluation of the effectiveness of funded programs and dissemination of program results in order to reduce and prevent crime and violence.


The NCIRC maintains two sites: The public site provides criminal justice professionals with easy access to a multitude of resources that are primarily concerned with local, state, tribal, and federal law enforcement intelligence operations and practices. The secured website provides additional training materials and information resources expressly for law enforcement professionals. For access to the secured site, log on to: Law Enforcement Enterprise Portal (LEEP) or the Regional Information Sharing Systems (RISSNet).

Fusion Center Note: Fusion center personnel can access a variety of resources through NCIRC, including trainings such as: 28 CFR Part 23; “The Importance of Privacy, Civil Rights, and Civil Liberties Protections in American Law Enforcement and Public Safety;” and “State and Local Anti-Terrorism Training.” NCIRC also offers infrastructure best practices examples.

National Data Exchange (N-DEx)


The Law Enforcement National Data Exchange (N-DEx) is an information-sharing tool used by criminal justice professionals. It is a repository of criminal justice records from local, state, tribal, and federal agencies across the nation, available in a secure online environment, managed by the FBI’s Criminal Justice Information Services (CJIS) Division. N-DEx brings together data from the entire criminal justice life cycle such as incident and case reports, arrest reports, missing persons, computer-aided dispatch calls, citations/tickets, bookings and holdings, incarceration data, and parole/probation information. Additionally, N-DEx automatically correlates and resolves data from open and closed reports to detect relationships between people, vehicles/property, locations, and/or crime characteristics. It also supports multi-jurisdictional task forces-enhancing national information sharing, links between regional and state systems, and virtual regional information sharing.


Access is through a range of methods including an N-DEx portal link on the LEEP homepage. Enrollment instructions are available on-line.

NCTC Online (NOL-S) and NCAT Online CURRENT


These are classified databases serving the counterterrorism community through development of counterterrorism products and articles available to users across approximately 75 United States government agencies. The NOL-S repository includes all SECRET level terrorism-related products written by the National Counterterrorism Center (NCTC), DHS, or FBI, and issued as single-agency, joint, or fully vetted community products.


NOL-S is accessible to state and local partners through networks provided by both DHS Homeland Secure Data Network (HSDN) and the Federal Bureau of Investigations Network (FBINet).

Regional Information Sharing System (RISS)


The Regional Information Sharing Systems® (RISS) Program is a nationwide information sharing and investigative support program that serves thousands of local, state, federal, and tribal law enforcement and public safety agencies in all 50 states, the District of Columbia, U.S. territories, Australia, Canada, England, and New Zealand. RISS serves as a force multiplier, effectively and efficiently aiding agencies in tackling crime problems in their areas. RISS consists of six regional centers as well as a technology support center.


For access visit the RISS website. Users must have completed training on 28 CFR Part 23.

Anticipated in fiscal year 2015, authorized RISS users will be able to access HSIN, LEEP, and Intelink-U. Conversely, HSIN, LEEP, Intelink-U users will be able to access RISS. This federated interoperability means users no longer need to establish a separate account or password for each system—one credential will open any door.

The six RISS Centers are:

  • Middle Atlantic-Great Lakes Organized Crime Law Enforcement Network® (MAGLOCLEN)
    • Area of Responsibility (AOR): DE, IN, MD, MI, NJ, NY, OH, PA, and D.C., as well as Australia, Canada, and England
    • Contact: (800) 345-1322 or
  • Mid-States Organized Crime Information Center® (MOCIC)
    • AOR: IL, IA, KS, MN, MO, NE, ND, SD, and WI, as well as parts of Canada
    • Contact: (800) 846-6242 or
  • New England State Police Information Network® (NESPIN)
    • AOR: CT, ME, MA, NH, RI and VT, as well as parts of Canada
    • Contact: (800) 343-5682 or
  • Rocky Mountain Information Network® (RMIN)
    • AOR: AZ, CO, ID, MT, NV, NM, UT, and WY, well as parts of Canada
    • Contact: (800) 821-0604 or
  • Regional Organized Crime Information Center® (ROCIC)
    • AOR: AL, AR, FL, GA, KY, LA, MS, NC, OK, SC, TN, TX, VA, and WV, Puerto Rico, and the U.S. Virgin Islands
    • Contact: (800) 238-7985 or
  • Western States Information Network® (WSIN)
    • AOR: AK, CA, HI, OR, and WA, as well as parts of Canada and Guam
    • Contact: (800) 952-5258 or

DoD Mission Partner Environment (MPE)


As a matter of practice, the Department of Defense (DoD) conducts most, if not all, of its operations on the Secret Internet Protocol Router Network (SIPRNet). As a result, the Department has learned from operations in Afghanistan; operations in support of relief efforts in the aftermath of the Haiti earthquake; and operations elsewhere, that its use of the SIPRNet and its mission partners use of stovepiped information sharing capabilities and practices does not facilitate efficient and effective information sharing. The Mission Partner Environment (MPE) was thus born out of operational necessity and expediency to conduct operations utilizing a common mission environment in order to more effectively share information with a wide array of mission partners.

The MPE is defined as an operating environment which enables command and control for the planning, preparation, and execution of operational activities utilizing existing capabilities (network infrastructure, systems, etc.) in a single security domain (SECRET/Releasable or UNCLASSIFIED) using a common language. Ultimately, an MPE allows the DoD to move operations off of the SIPRNet therefore eliminating network limiting factors when conducting mission partner operations and on to a common/federated mission network.

SIPRNet is a “worldwide router-based network” at “the core of our warfighting command and control capability” and is “fast becoming the de facto standard of preferred data services” for the DoD and the Department of State. “The initial SIPRNet backbone router network went online 3 March 1994,” with subscribers “coming on-line shortly thereafter.” The SIPRNet WAN is a series of “backbone routers interconnected by high-speed serial links to serve the long-haul data transport needs of secret-level DoD subscribers […] Subscribers within the DoD and other Government Agencies are able to use the SIPRNET for passing datagrams at the Secret-Not Releasable to Foreign Nationals (SECRET-NOFORN) classification level.”



Fusion Center Note: As of July 21, 2014, DHS-sponsored State, local, tribal, and territorial personnel working in fusion centers are authorized to have direct access to the DoD SIPRNet as part of their fusion center responsibilities.

Source: MOA between DHS and DoD signed in July 2014.

The Non-classified Internet Protocol Routing Network (NIPRNet) which is in the process of being re-designated as “the SBU IP Data Network”-provides point-to-point connectivity to Defense Information Systems Agency (DISA) mission partners. This unclassified IP data service for Internet connectivity and information transfer supports DoD applications such as e-mail, web services, and file transfer. The SBU IP Data service also provides DoD customers with centralized and protected access to the public Internet. NIPRNet provides support to SBU IP Data telecommunication services for combat support applications to the DoD, Joint Chiefs of Staff (JCS), Military Departments (MILDEPS), Combatant Commands (COCOM), and senior leadership. It provides seamless, interoperable, common user IP services to customers with access data rates ranging from 56 kilobits per second (Kbps) to 2.4 gigabits per second (Gbps) via direct connections to a NIPRNet router, and services to the Tactical community via Integrated Tactical-Strategic Data Network /Standard Tactical Entry Point (ITSDN/STEP) sites. It also provides access to the Internet through controlled Internet Access Points.

The All Partners Access Network (APAN) is an unclassified non-dot-mil environment providing structured (e.g., file sharing, calendaring) and unstructured (e.g., wiki, blogs, chat, and forums) information sharing and collaboration capability for the purposes of non-PKI enabled Unclassified Information Sharing (UIS) with multinational partners, non-governmental organizations, and the various U.S. federal, state, local, and tribal agencies in support of Stability Operations, Humanitarian Assistance (HA)/Disaster Relief (DR), Theater Security Cooperation (TSC), and Defense Support of Civil Authorities (DSCA). APAN is a DoD Enterprise Service hosted by DISA on its own Internet connection completely disconnected from the DoD Information Network. Access to APAN is available at



Intelink, which began testbed operation in 1994, is both an architectural framework and an integrated intelligence dissemination and collaboration service providing uniform methods for exchanging intelligence among intelligence providers and users. The Intelink service was patterned after the Internet model in which a variety of institutions have come together in the context of a global network to share information.”

Intelink “is part of an overall effort to reduce duplication among the various agencies and services, enhance interoperability, modernize systems, and leverage the impressive developments by the commercial sector in the multimedia computing and communications fields.

“The Intelink intelligence network links information in the various classified databases of the U.S. intelligence agencies (e.g., FBI, CIA, DEA, NSA, USSS, NRO) to facilitate communication and the sharing of documents and other resources.

“Intelink components include:

  • Intelink-U (formerly known as the Open Source Information System (OSIS)
  • Intelink-S
  • Intelink-SCI
  • Intelink-P
  • Intelink-C

“Intelink-S (and C2-link), the secret-level variant of Intelink, has begun to expand rapidly in scope and reach. As the intelligence support medium for Global Command and Control System (GCCS) and law enforcement activities, Intelink-S is expected to become the principal growth area for intelligence products and services. Its customer base will be extraordinarily diverse, eventually encompassing all areas of U.S. government operations that can benefit from integrated intelligence support and collaboration.”



Anticipated in fiscal year 2015, authorized Intelink-U users will be able to access HSIN, LEEP, and RISS. Conversely, HSIN, LEEP, and RISS users will be able to access Intelink-U. This federated interoperability means users no longer need to establish a separate account or password for each system-one credential will open any door.